§1.1 Field of the Invention
Embodiments consistent with the present invention relate to user authentication for devices with touch sensitive elements, such as touch sensitive display screens for example.
§1.2 Background Information
Most desktop and laptop computers, and portable devices such as mobile phones, pagers, and organizers, use a keyboard or a small keypad for human-machine interaction and data entry. As an alternative to keyboards, keypads, and mice or other pointer devices, some computers and portable devices use touch screen displays for data entry and user interaction. While early touch screen devices required the use of a stylus to track touch coordinates, recent devices allow users to use their fingers to enter inputs over a touch screen display. Some touch screen devices can track multiple touch coordinates to improve the efficiency and quality of user device interaction.
Today, most authentication systems use alphanumeric passwords. In systems using alphanumeric passwords, users are asked to specify a username and a password to create an account. Later, during an authentication phase, users must enter their usernames and passwords correctly to start a session.
The security level of alphanumeric based password systems relies on the use of passwords with high entropy. Unfortunately, it is very hard for many users to remember a high entropy password which consists of random numbers, letters, and/or symbols. If users are forced to use high entropy passwords, they may tend to write them down on a sheet of paper, but this creates another security problem. To cope with these problems, smart cards or biometrics might be used with the classic alphanumeric passwords to increase the system security. However, these technologies increase system costs.
Problems that arise when alphanumeric passwords are used on computers and portable devices with touch sensitive input include the following. First, it may be hard and distracting for users to enter alphanumeric passwords, especially if the password is long and random. This problem is exacerbated when a user must enter such a password using a virtual keyboard on a touch screen. Consequently, users generally select low entropy passwords which are easier to enter on the virtual keyboard, but which are inherently less secure. Even if high entropy passwords are used, it is hard to remember such high entropy passwords. So users might, and often do, write passwords down and keep these written passwords along with the portable devices to recall later. Unfortunately, this becomes a significant security threat considering the likelihood of theft. Using biometrics such as fingerprints increases system costs. Furthermore, biometrics alone, which are often static (that is, are based on a snapshot of information, such as a fingerprint for example, which does not change with time) can also be recorded and duplicated by attackers to circumvent the authentication system. Tokens and smart cards can be stolen or lost, and require users to carry additional items.
Furthermore, although many computers and portable devices in the market today have data input capabilities such as touch screens, touch pads, and accelerometers, for example, and although some proposed authentication systems use these devices (See, e.g., U.S. Pat. No. 6,421,453 titled “APPARATUS AND METHODS FOR USER RECOGNITION EMPLOYING BEHAVIORAL PASSWORDS,” U.S. Pat. No. 6,935,951 titled “ELECTRONIC SIGNATURE CAPABILITY IN A GAMING MACHINE,” U.S. Pat. No. 7,301,526 titled “DYNAMIC ADAPTATION OF GESTURES FOR MOTION CONTROLLED HANDHELD DEVICES,” U.S. Patent Application Publication No. 2003/0001818 titled “HANDWRITTEN DATA INPUT DEVICE AND METHOD, AND AUTHENTICATING DEVICE AND METHOD,” U.S. Patent Application Publication No. 2003/0132974 titled “FREE-SPACE GESTURE RECOGNITION FOR TRANSACTION SECURITY AND COMMAND PROCESSING,” U.S. Patent Application Publication No. 2004/0239624 titled “FREEHAND SYMBOLIC INPUT APPARATUS AND METHOD,” U.S. Patent Application Publication No. 2005/0063567 titled “AUTHENTICATION APPARATUS AND AUTHENTICATION METHOD,” U.S. Patent Application Publication No. 2007/0236330 titled “SYSTEM AND METHOD FOR PERFORMING USER AUTHENTICATION BASED ON USER BEHAVIOR PATTERNS,” U.S. Patent Application Publication No. 2008/0092245 titled “MULTI-TOUCH DEVICE BEHAVIOMETRIC USER AUTHENTICATION AND DYNAMIC USABILITY SYSTEM,” U.S. Patent Application Publication No. 2008/0192005 titled “AUTOMATED GESTURE RECOGNITION,” U.S. Patent Application Publication No. 2008/0273764 titled “PERSONAL GESTURE SIGNATURE,” and U.S. Patent Application Publication No. 2009/0083847 titled “EMBEDDED AUTHENTICATION SYSTEMS IN AN ELECTRONIC DEVICE,” each incorporated herein by reference), such proposed authentication systems could be improved to provide more user friendly and/or more secure authentication.